public JsonResult SplitReservation(ResevationSplitModel form)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
try
{
var dataProvider = new ReservationRevenueProvider(_dbContext);
var result = dataProvider.SplitReservation(form);
if (result != null)
{
return(Json(result.Value.ToString(), JsonRequestBehavior.AllowGet));
}
else
{
return(Json("-1", JsonRequestBehavior.AllowGet));
}
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Splitting Reservation {0:d} for property code {1} fails. {2},{3}", form.ReservationId, form.PropertyCode, ex.Message, innerErrorMessage);
return(InternalError(message, string.Empty, ex));
}
}
public ActionResult SplitRevenue(int Id)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
var model = new ResevationSplitModel();
try
{
var provider = new ReservationRevenueProvider(_dbContext);
var entity = provider.Retrieve(Id);
if (entity != null)
{
model.ReservationId = Id;
model.PropertyCode = entity.PropertyCode;
model.ConfirmationCode = entity.ConfirmationCode;
model.ReservationAmount = entity.TotalRevenue;
ViewBag.Title = "Split Reservation";
}
}
catch
{
}
return(PartialView("_ReservationSplitPartial", model));
}
public ActionResult Index(int id = 0)
{
var model = new InquiryViewModel();
// old Dojo logic gets all inquiries if id is not found. so emulate it here.
model.InquiryId = id;
if (id != 0)
{
InquiryProvider inquiryProvider = new InquiryProvider(_dbContext);
InquiriesValidation inquiry = inquiryProvider.Retrieve(id);
if (inquiry == null)
{
model.InquiryId = 0;
}
}
model.UserName = this.User.Identity.Name;
// hack here: for admin role, we set the UserName to 'DelegateDeletion' to allow admin to delete other's inquiry
if (AuthorizationProvider.IsAdmin())
{
model.UserName = "******";
}
return(View(model));
}
public JsonResult SaveApproveStatus(InquiriesValidation form)
{
if (!AuthorizationProvider.IsInquiryEditor())
{
string message = string.Format("User '{0}' does not have permission to save approval status for Inquiry {1}.", this.User.Identity.Name, form.Id.ToString());
DojoLogger.Warn(message, typeof(InquiryController));
return(Json("denied", JsonRequestBehavior.AllowGet));
}
try
{
InquiryProvider inquiryProvider = new InquiryProvider(_dbContext);
InquiriesValidation inquiry = inquiryProvider.Retrieve(form.Id);
SetApproveFields(inquiry, form);
inquiryProvider.Update(inquiry.Id, inquiry);
inquiryProvider.Commit();
return(Json(form.Id.ToString(), JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
string message = string.Format("Save Apporval Ststus for Inquiry {0} fails. {1}", form.Id.ToString(), ex.Message + ex.StackTrace);
DojoLogger.Error(message, typeof(InquiryController));
}
return(Json(string.Empty, JsonRequestBehavior.AllowGet));
}
public JsonResult Update(string model)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
var codeModel = JsonConvert.DeserializeObject <MissingPropertyCodesModel>(model);
try
{
var dataProvider = new ReservationRevenueProvider(_dbContext);
var entity = dataProvider.Retrieve(codeModel.ReservationId);
entity.PropertyCode = codeModel.PropertyCode;
dataProvider.Update(codeModel.ReservationId, entity);
dataProvider.Commit();
return(Json(codeModel, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Saving Property Code for Reservation {0:d} fails. {1},{2}", codeModel.ReservationId, ex.Message, innerErrorMessage);
return(InternalError(message, string.Empty, ex));
}
}
public JsonResult Create(string model)
{
if (!AuthorizationProvider.IsStatementAdmin())
{
return(Forbidden());
}
var feeModel = JsonConvert.DeserializeObject <PropertyFeeViewModel>(model);
try
{
var entity = new PropertyFee();
var dataProvider = new PropertyFeeProvider(_dbContext);
dataProvider.MapData(feeModel, ref entity);
dataProvider.Create(entity);
dataProvider.Commit();
feeModel.PropertyFeeId = entity.PropertyCostId; // set the created Id to return to kendo grid
return(Json(feeModel, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Creating Property Fee fails. {0} - {1}", ex.Message, innerErrorMessage);
return(InternalError(message, string.Empty));
}
}
public JsonResult Delete(string model)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
// parameter is passed in as a model with Json string
var entity = JsonConvert.DeserializeObject <ExpenseRevenueModel>(model);
try
{
if (entity.Children.Count == 0)
{
var dataProvider = new ExpenseRevenueProvider(_dbContext);
dataProvider.Delete(entity.ExpenseId);
dataProvider.Commit();
}
return(Json("success", JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
return(InternalError(string.Format("Delete Expense {0:d} fails.", entity.ExpenseId), "fail", ex));
}
}
public ActionResult OwnerStatement(DateTime month, string propertyCode)
{
if (!AuthorizationProvider.CanViewStatement())
{
return(Forbidden());
}
try
{
var provider = new OwnerStatementProvider(_dbContext);
var viewModel = provider.GetOwnerStatement(month, propertyCode);
// get the edit freeze flag
viewModel.IsEditFreezed = (new StatementCompletionProvider(_dbContext)).IsEditFreezed(month);
// statement owner can only see own statement and summary
if (AuthorizationProvider.IsStatementOwner() && !AuthorizationProvider.IsStatementAdmin() && !AuthorizationProvider.IsStatementViewer())
{
// TODO: filter the viewModel for the owner account
}
return(PartialView("_StatementPartial", viewModel));
}
catch
{
Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
return(Json(false, JsonRequestBehavior.AllowGet));
}
}
public JsonResult Delete(int id)
{
if (!AuthorizationProvider.IsInquiryEditor())
{
string message = string.Format("User '{0}' does not have permission to delete Inquiry {1}.", this.User.Identity.Name, id.ToString());
DojoLogger.Warn(message, typeof(InquiryController));
return(Json("denied", JsonRequestBehavior.AllowGet));
}
try
{
InquiryProvider dataProvider = new InquiryProvider(_dbContext);
// TODO: need to check if the same user is deleting the inquiry
dataProvider.Delete(id);
dataProvider.Commit();
return(Json("success", JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
string message = string.Format("Delete Inquiry {0} fails. {1}", id.ToString(), ex.Message + ex.StackTrace);
DojoLogger.Error(message, typeof(InquiryController));
}
return(Json("fail", JsonRequestBehavior.AllowGet));
}
public JsonResult Update(string model) // parameter must be the same json object defined in parameterMap in kendo's datab source
{
if (!AuthorizationProvider.IsStatementAdmin())
{
return(Forbidden());
}
var feeModel = JsonConvert.DeserializeObject <PropertyFeeViewModel>(model);
try
{
var dataProvider = new PropertyFeeProvider(_dbContext);
var entity = dataProvider.Retrieve(feeModel.PropertyFeeId);
dataProvider.MapData(feeModel, ref entity);
dataProvider.Update(entity.PropertyCostId, entity);
dataProvider.Commit();
return(Json(feeModel, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Saving Property Fee {0:d} fails. {1} - {2}", feeModel.PropertyFeeId, ex.Message, innerErrorMessage);
return(InternalError(message, "fail", ex));
}
}
public ActionResult ViewPrices(int listingId, DateTime startDate, DateTime endDate)
{
if (!AuthorizationProvider.CanEditPricing())
{
return(Forbidden());
}
try
{
var apiService = new FantasticService();
var result = apiService.PriceListing(listingId, startDate, endDate);
if (result.success)
{
return(Json(result, JsonRequestBehavior.AllowGet));
}
else
{
var response = new { success = false, message = "There is error while calling Fantastic calendar API." };
return(Json(response, JsonRequestBehavior.AllowGet));
}
}
catch (Exception ex)
{
var result = new { success = false, message = ex.Message };
return(Json(result, JsonRequestBehavior.AllowGet));
}
}
public ActionResult PricePush()
{
if (!AuthorizationProvider.CanEditPricing())
{
return(Forbidden());
}
try
{
var apiService = new FantasticService();
var result = apiService.PricePush(new FantasticPriceModel {
ListingId = 1157,
StartDate = new DateTime(2018, 12, 17),
EndDate = new DateTime(2018, 12, 20),
IsAvailable = true,
Price = 1150,
Note = "Dojo Api call"
}); // SD011
return(Json(result, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
return(Json(0, JsonRequestBehavior.AllowGet));
}
}
public async Task Login_Authorize_Filed()
{
string email = "test";
var password = new System.Security.SecureString();
var mockAuthService = new Mock <IAuthorizationService <JwtResponse> >();
mockAuthService.Setup(auth => auth.AuthorizeAsync(email, password))
.Returns(Task.FromResult(new AuthorizationResult <JwtResponse>()
{
ErrorMessage = "Error"
}));
var mockSessionService = new Mock <ISessionService <UserSession> >();
mockSessionService.Setup(session => session.SaveAsync("test", new UserSession()))
.Returns(Task.CompletedTask);
var mockStorage = new Mock <ITokenStorage>();
mockStorage.Setup(storage => storage[Token.Access]).Verifiable();
var provider = new AuthorizationProvider(mockAuthService.Object, mockSessionService.Object, mockStorage.Object);
//Act
var state = await provider.Login(email, password);
Assert.False(state.IsAuthentication);
Assert.False(string.IsNullOrEmpty(state.ErrorMessage));
Assert.Equal("Error", state.ErrorMessage);
Assert.Null(state.GetClaim("name"));
}
public async Task ExtendSession_IsSuccess()
{
string refreshToken = "test";
var mockAuthService = new Mock <IAuthorizationService <JwtResponse> >();
mockAuthService.Setup(auth => auth.RefreshAsync(refreshToken))
.Returns(Task.FromResult(new AuthorizationResult <JwtResponse>(new JwtResponse()
{
AccessToken = TestToken
})));
var mockSessionService = new Mock <ISessionService <UserSession> >();
mockSessionService.Setup(session => session.SaveAsync("test", new UserSession()))
.Returns(Task.CompletedTask);
var mockStorage = new Mock <ITokenStorage>();
mockStorage.Setup(storage => storage[Token.Refresh]).Returns(refreshToken);
var provider = new AuthorizationProvider(mockAuthService.Object, mockSessionService.Object, mockStorage.Object);
//Act
var state = await provider.ExtendSession();
Assert.True(state.IsAuthentication);
Assert.True(string.IsNullOrEmpty(state.ErrorMessage));
}
public JsonResult Update(string model) // parameter must be the same json object defined in parameterMap in kendo's datab source
{
if (!AuthorizationProvider.IsStatementAdmin())
{
return(Forbidden());
}
var titleModel = JsonConvert.DeserializeObject <PropertyTitleHistoryRow>(model);
try
{
var dataProvider = new PropertyTitleHistoryProvider(_dbContext);
var entity = dataProvider.Retrieve(titleModel.PropertyTitleHistoryId);
entity.PropertyCode = titleModel.PropertyCode;
entity.PropertyTitle = titleModel.PropertyTitle.Substring(0, Math.Min(200, titleModel.PropertyTitle.Length));
entity.EffectiveDate = ConversionHelper.EnsureUtcDate(titleModel.EffectiveDate);
dataProvider.Update(entity.PropertyTitleHistoryId, entity);
dataProvider.Commit();
return(Json(titleModel, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Saving Property Title {0:d} fails. {1} - {2}", titleModel.PropertyTitleHistoryId, ex.Message, innerErrorMessage);
return(InternalError(message, "fail", ex));
}
}
public JsonResult Create(string model)
{
if (!AuthorizationProvider.IsStatementAdmin())
{
return(Forbidden());
}
var titleModel = JsonConvert.DeserializeObject <PropertyTitleHistoryRow>(model);
try
{
PropertyTitleHistory titleHistory = new PropertyTitleHistory();
var dataProvider = new PropertyTitleHistoryProvider(_dbContext);
titleHistory.PropertyCode = titleModel.PropertyCode;
titleHistory.PropertyTitle = titleModel.PropertyTitle.Substring(0, Math.Min(200, titleModel.PropertyTitle.Length));
titleHistory.EffectiveDate = ConversionHelper.EnsureUtcDate(titleModel.EffectiveDate);
dataProvider.Create(titleHistory);
dataProvider.Commit();
return(Json(titleModel, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Creating Property Title fails. {0} - {1}", ex.Message, innerErrorMessage);
return(InternalError(message, string.Empty));
}
}
public JsonResult Create(string model)
{
if (!AuthorizationProvider.IsStatementAdmin() && !AuthorizationProvider.IsPricingAdmin())
{
return(Forbidden());
}
var dataModel = JsonConvert.DeserializeObject <PropertyFantasticMap>(model);
try
{
var map = new PropertyFantasticMap();
var dataProvider = new PropertyFantasticMapProvider(_dbContext);
map.PropertyCode = dataModel.PropertyCode;
map.ListingId = dataModel.ListingId;
dataProvider.Create(map);
dataProvider.Commit();
return(Json(dataModel, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Creating Property Fantastic Map fails. {0} - {1}", ex.Message, innerErrorMessage);
return(InternalError(message, string.Empty));
}
}
public AuthorizationProviderTests()
{
authorization = new AuthorizationProvider(Assembly.GetExecutingAssembly());
context = new TestingContext();
context.DropData();
}
public async Task <bool> AuthenticateAsync(bool force, CancellationToken ct = default)
{
// https://dev.onedrive.com/auth/msa_oauth.htm
if (!force && _accessCode != null)
{
return(IsAuthenticated);
}
if (await RefreshAccessTokenAsync(ct).ConfigureAwait(false))
{
return(IsAuthenticated);
}
var authorizationCode = AuthorizationProvider.GetAuthorizationCode(this);
if (authorizationCode != null)
{
var parameters = new Dictionary <string, string>(StringComparer.Ordinal);
parameters["client_id"] = ApplicationId;
parameters["redirect_uri"] = ReturnUrl;
//parameters["client_secret"] = "";
parameters["code"] = authorizationCode;
parameters["grant_type"] = "authorization_code";
var result = await PostAsync <OneDriveToken>("https://login.live.com/oauth20_token.srf", new FormUrlEncodedContent(parameters), ct).ConfigureAwait(false);
await HandleTokenResponseAsync(result, ct).ConfigureAwait(false);
}
return(IsAuthenticated);
}
public ActionResult Edit(int Id)
{
if (!AuthorizationProvider.IsInquiryEditor() && !AuthorizationProvider.IsViewer())
{
string message = string.Format("User '{0}' does not have permission to edit Inquiry {1}.", this.User.Identity.Name, Id.ToString());
DojoLogger.Warn(message, typeof(InquiryController));
return(RedirectToAction("Index", "Inquiry")
.WithError("It looks like you do not have permisssion to edit this inquiry."));
}
try
{
ViewBag.Title = "Edit Inquiry";
ViewBag.ButtonText = "Update Inquiry";
InquiryProvider inquiryProvider = new InquiryProvider(_dbContext);
PropertyProvider propertyProvider = new PropertyProvider(_dbContext);
InquiriesValidation inquiry = inquiryProvider.Retrieve(Id);
if (inquiry == null)
{
return(RedirectToAction("NotFound", "Error"));
}
ViewBag.Properties = propertyProvider.AggregatedProperties();
return(PartialView("EditPartial", inquiry));
}
catch (Exception ex)
{
string message = string.Format("Retrieve Inquiry {0} for Editing fails. {1}", Id.ToString(), ex.Message + ex.StackTrace);
DojoLogger.Error(message, typeof(InquiryController));
}
return(RedirectToAction("Index", "Inquiry")
.WithError("The inquiry item cannot be found."));
}
public JsonResult Create(string model)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
var entity = JsonConvert.DeserializeObject <ExpenseRevenueModel>(model);
try
{
// parameter is passed in as a model with Json string
var dataProvider = new ExpenseRevenueProvider(_dbContext);
dataProvider.Create(entity);
dataProvider.Commit();
if (entity.ExpenseId == 0)
{
entity.ExpenseId = dataProvider.GetKey(entity);
}
entity.ParentId = entity.ExpenseId;
dataProvider.Update(entity.ExpenseId, entity);
dataProvider.Commit();
return(Json(entity, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Saving Expense {0:d} fails. {1} - {2}", entity.ExpenseId, ex.Message, innerErrorMessage);
return(InternalError(message, string.Empty));
}
}
public JsonResult UpdateWorkflowAll(DateTime month, string propertyCode, int state, int direction)
{
RevenueApprovalStatus workflowState = (RevenueApprovalStatus)state;
if (!((AuthorizationProvider.CanReviewRevenue() && workflowState == RevenueApprovalStatus.Reviewed) ||
(AuthorizationProvider.CanApproveRevenue() && workflowState == RevenueApprovalStatus.Approved) ||
(AuthorizationProvider.CanFinalizeRevenue() && workflowState == RevenueApprovalStatus.Finalized)))
{
return(Forbidden());
}
try
{
var dataProvider = new ExpenseRevenueProvider(_dbContext);
var nextState = dataProvider.MoveWorkflowAll(month, propertyCode, workflowState, direction);
if (nextState != null)
{
return(Json(nextState, JsonRequestBehavior.AllowGet));
}
else
{
return(Json("-1", JsonRequestBehavior.AllowGet));
}
}
catch (Exception ex)
{
string message = string.Format("Change {0} Expense workflow fails for property {1}. {2}", month.ToString("MM/dd/yyyy"), propertyCode, ex.Message + ex.StackTrace);
return(InternalError(message, "-1", ex));
}
}
public JsonResult UpdateFieldStatus(int id, string field, int included)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
try
{
var provider = new ExpenseRevenueProvider(_dbContext);
var ok = provider.SetFieldStatus(id, field, (included == 1 ? true : false));
if (ok)
{
return(Json(id, JsonRequestBehavior.AllowGet));
}
else
{
return(Json(string.Empty, JsonRequestBehavior.AllowGet));
}
}
catch (Exception ex)
{
string message = string.Format("Change Expense 'IncludeInStatement' for ID = {0:d} fails. {1}", id, ex.Message + ex.StackTrace);
return(InternalError(message, string.Empty, ex));
}
}
public JsonResult DeleteRevenue(int id)
{
if (!AuthorizationProvider.CanEditRevenue())
{
string message = string.Format("User '{0}' does not have permission to delete Owner Payout {1:d}.", this.User.Identity.Name, id);
DojoLogger.Warn(message, typeof(OwnerPayoutController));
Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
return(Json(string.Empty, JsonRequestBehavior.AllowGet));
}
try
{
var dataProvider = new OwnerPayoutRevenueProvider(_dbContext);
dataProvider.Delete(id);
dataProvider.Commit();
return(Json("success", JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
string message = string.Format("Delete Owner Payout {0} fails. {1}", id.ToString(), ex.Message + ex.StackTrace);
DojoLogger.Error(message, typeof(OwnerPayoutController));
Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
return(Json("fail", JsonRequestBehavior.AllowGet));
}
}
public JsonResult SavePayoutAmount(int id, float amount)
{
if (!AuthorizationProvider.CanEditRevenue())
{
string message = string.Format("User '{0}' does not have permission to save Owner Payout {1}.", this.User.Identity.Name, id.ToString());
DojoLogger.Warn(message, typeof(OwnerPayoutController));
Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
return(Json(string.Empty, JsonRequestBehavior.AllowGet));
}
try
{
var dataProvider = new OwnerPayoutRevenueProvider(_dbContext);
var entity = dataProvider.Retrieve(id);
entity.PayoutAmount = amount;
dataProvider.Update(id, entity);
dataProvider.Commit(); // OwnerPayoutId will be filled for new OwnerPayout by EF
return(Json(id.ToString(), JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Saving Owner Payout {0} fails. {1},{2}", id.ToString(), ex.Message, innerErrorMessage);
DojoLogger.Error(message, typeof(OwnerPayoutController));
Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
return(Json(string.Empty, JsonRequestBehavior.AllowGet));
}
}
/// <summary>
/// Provides an entry point for custom authorization checks.
/// </summary>
/// <param name="httpContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
/// <returns>
/// false if the user is an admin or editor AND the site is private (ispublicsite=false). Otherwise true is returned.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (AuthorizationProvider == null)
{
throw new SecurityException("The OptionalAuthorizationAttribute property has not been set for AdminRequiredAttribute. Has it been injected by the DI?", null);
}
if (!ApplicationSettings.Installed)
{
return(true);
}
// If the site is private then check for a login
if (!ApplicationSettings.IsPublicSite)
{
IPrincipal principal = httpContext.User;
AuthorizationProvider provider = new AuthorizationProvider(ApplicationSettings, UserService);
return(provider.IsAdmin(principal) || provider.IsEditor(principal));
}
else
{
return(true);
}
}
public void SetUp()
{
context = new TestingContext();
provider = new AuthorizationProvider(Assembly.GetExecutingAssembly(), new UnitOfWork(context));
TearDownData();
}
public JsonResult Delete(string model)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
// parameter is passed in as a model with Json string
var entity = JsonConvert.DeserializeObject <ResolutionRevenueModel>(model);
var ownerPayoutId = entity.OwnerPayoutId;
try
{
var dataProvider = new ResolutionRevenueProvider(_dbContext);
dataProvider.Delete(entity.ResolutionId);
dataProvider.Commit();
var provider = new OwnerPayoutProvider(_dbContext);
provider.UpdateOwnerPayoutMatchStatus(ownerPayoutId);
return(Json("success", JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
return(InternalError(string.Format("Delete Resolution {0:d} fails.", entity.ResolutionId), "fail", ex));
}
}
public JsonResult Update(string model)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
// parameter is passed in as a model with Json string
var entity = JsonConvert.DeserializeObject <ResolutionRevenueModel>(model);
try
{
if (!string.IsNullOrEmpty(entity.ConfirmationCode))
{
var provider = new ReservationRevenueProvider(_dbContext);
var propertycode = provider.GetPropertyCodeByConfirmationCode(entity.ConfirmationCode);
if (!string.IsNullOrEmpty(propertycode))
{
entity.PropertyCode = propertycode;
}
}
var dataProvider = new ResolutionRevenueProvider(_dbContext);
dataProvider.Update(entity.ResolutionId, entity);
dataProvider.Commit();
return(Json(entity, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
var innerErrorMessage = ex.InnerException != null ? ex.InnerException.Message : string.Empty;
string message = string.Format("Saving Resolution {0:d} fails. {1} - {2}", entity.ResolutionId, ex.Message, innerErrorMessage);
return(InternalError(message, "fail", ex));
}
}
public JsonResult DeleteRevenue(int id)
{
if (!AuthorizationProvider.CanEditRevenue())
{
return(Forbidden());
}
try
{
var dataProvider = new ResolutionRevenueProvider(_dbContext);
var entity = dataProvider.Retrieve(id);
dataProvider.Delete(id);
dataProvider.Commit();
var provider = new OwnerPayoutProvider(_dbContext);
provider.UpdateOwnerPayoutMatchStatus(entity.OwnerPayoutId);
return(Json("success", JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
string message = string.Format("Delete Resolution {0} fails. {1}", id.ToString(), ex.Message + ex.StackTrace);
return(InternalError(message, "fail", ex));
}
}
public FakeAuthorizationProviderTest()
{
this.provider = new FakeAuthorizationProvider();
this.localProvider = Substitute.For<AuthorizationProvider>();
this.helper = Substitute.For<ItemAuthorizationHelper>();
this.entity = Substitute.For<ISecurable>();
this.item = ItemHelper.CreateInstance();
this.rules = new AccessRuleCollection();
}
public SwitchingAuthorizationProviderTest()
{
this.providerMock = Substitute.For<AuthorizationProvider>();
this.mockableProvider = new SwitchingAuthorizationProvider();
}
private void AssertDenied(AuthorizationProvider provider, string topic, TopicPermission topicPermission)
{
Assert.IsFalse(provider.HasPermission(new UnqualifiedTopicName(topic), topicPermission),
string.Format("Checking that user is denied permission {0} on topic {1}", topicPermission, topic));
}
